Unable to use key file "C:\GIT\HOME\.ssh\id_rsa" (OpenSSH SSH-2 private key (new format)) - ssh

I'm trying to make a GitClone from a Gitlab repository. I have generated a ssh key with the command ssh-keygen on my cmd:
Then I added my pub key (starting with ssh_rsa) to my Gitlab account, but whenever I try to make a gitclone, I have the following error:
Any advice? I tried to convert my key with puttygen, but it still doesn't work!
The start of my pub key is ssh-rsa key..
And the private key: --BEGIN OPENSSH PRIVATE KEY--
..key..
--END OPENSSH PRIVATE KEY--
Output of ssh -v git@gitlab.(..).com

OK, I solved the problem. I was using TortoiseGit to make a GitClone, and it doesn't accept OpenSSH keys. Therefore, once you generate the key, you need to convert it to PuTTY format with PuTTYgen. Moreover, you must pay attention to the version of the newly generated key; you can change the version in PuTTYgen under key > parameters to save key!

Related

How to move my current using ssh key into Yubikey?

I'm using Yubikey 5 NFC and want to move my openssh key into it so that I can authenticate for ssh login via this Yubikey.
Maybe you will suggest to generate a new gpg keypair for Yubikey and use the gpg-agent instead of ssh-agent to authenticate. But I still want to move my current ssh private key into Yubikey because this way I don't have to edit authorized_keys everywhere.
I tried to do this following this article:
https://www.mvps.net/docs/how-to-add-your-existing-ssh-key-to-yubikey-via-openpgp/
which suggests using pem2openpgp from monkeysphere to translate my ssh key into a gpg key and then writing this translated gpg key into the Yubikey (via the keytocard command of gpg).
But after all this was done, I find that the fingerprint of my ssh key has changed; this is confirmed by the following commands:
$ ssh-keygen -lf ~/.ssh/id_rsa.pub
$ ssh-add -l
And the fact that the fingerprint changed makes using my current ssh key meaningless -- I still need to edit authorized_keys everywhere to make the "new public key" work.
So is there any other way which can write my old ssh key into Yubikey and keep the old key's fingerprint?

Is my ssh key correct? It doesn't start with 'ssh-rsa' (Trying to set up private key validation, worried about being locked out of server)

I am trying to set up private key validation on my server. I think this is a simple question, I just don't want to get locked out of the server by mistake! I generated an ssh key with ssh-keygen. It is just a long list of characters as such :
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAA..etc
-----END OPENSSH PRIVATE KEY-----
However, the video I am watching on deployment shows an ssh key like such:
ssh-rsa b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAA..etc USER@desktop2FBF
I am not sure if they look different because I am on a mac and the guide is using windows. But my key does not begin with ssh-rsa or end with USER@... Also, I see there are two files created with this command, the .pub one I cannot open, so I assume I am copying and pasting the key from the right file (the only one I can open).
Thanks for any help.
ssh keys come in pairs -- a public key and a private key -- and that is what ssh-keygen creates, in two separate files. The file with the .pub extension is the public key, is generally smaller, and has the form you see on the video. The private key has the form you describe with BEGIN PRIVATE KEY. They are intentionally very different so they don't get accidentally mixed up.
To use the key-pair, you will install the public key on the server, but you keep the private key private -- it never goes anywhere and is never copied; you just use it from your private machine to access the server(s) you've installed the public key on.
So in your case, you need to open the .pub file to get the public key and copy that to your server. The private key you keep local (possibly installing it into your ssh agent).
Open the directory where you created the key.
There will be a file called [keyname].pub, you will find something like this there [ssh-rsa b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAA..etc USER@desktop2FBF]

DBeaver ssh tunnel invalid private key

Just want to leave it here, so the link to the solution won't be lost.
I have a private 4096-byte RSA key (probably it was generated using this guide https://help.github.com/en/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
I've got an error while trying to establish a new connection through an ssh tunnel using DBeaver (6.1.2).
invalid privatekey: [B@540.....
So at first I've found this solution: https://github.com/rundeck/rundeck/issues/4813#issuecomment-492358649 But I didn't really want to recreate my key, cause it was already in use on several servers.
After an hour of googling I've found another suggestion: to use another SSH implementation via the sshj extension: https://github.com/dbeaver/dbeaver/issues/3917#issuecomment-410616717 It can be installed via the built-in package manager: Help -> Install New Software -> https://dbeaver.io/update/sshj/latest/ And it works great!
This error is due to the format of the SSH private key. By default, ssh-keygen is creating a private key using the OpenSSH format—with this header:
-----BEGIN OPENSSH PRIVATE KEY-----
But DBeaver only accepts keys using the older PEM format—with this header:
-----BEGIN RSA PRIVATE KEY-----
You can either generate a key directly with the correct header using:
ssh-keygen -t rsa -b 2048 -m PEM
Or you can convert an existing key (careful! this overwrites the existing key, you can just copy the private key and apply the command on the copy):
ssh-keygen -p -m PEM -f id_rsa
There is an open issue on DBeaver's GitHub.
The above suggestions didn't help for me. But in the latest versions of DBeaver, you just have to update implementation to SSHJ, under Advanced settings:
That worked for me!
I got the SSH Tunnel to work on
DBeaver Community Edition Version 7.3.4.202101310933
macOS Catalina version 10.15.7
by doing the following:
in shell:
create private 4096-byte RSA key at default location ~/.ssh/id_rsa using
ssh-keygen -t rsa -b 4096
in DBeaver:
click Help > Install New Software
click Add ...
enter Name: SSHJ
enter Location: https://dbeaver.io/update/sshj/latest/
click Next and go thru the entire SSHJ installation process
(I failed to do this on my first attempt)
click Save
click Restart DBeaver
on SSH Tunnel tab of Connection Settings
use Authentication Method: Public Key
use Private Key: ~/.ssh/id_rsa
(OpenSSH NOT PEM, as others have advised)
enter Passphrase
select Save Password
select Implementation: SSHJ
click Test tunnel configuration
modal dialog is displayed that says
Connected!
Client version: SSHJ_0.27.0
Server version: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
click OK

Cannot find id_rsa.pub in the unix server. Can I regenerate it? id_rsa (private key) exists

What I want to do is to copy key to another host.
ssh-copy-id -i ~/.ssh/id_rsa user@host
I get error:
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '[homedir].ssh/id_rsa.pub':
So there is no public key. So where is it? I tried to use command
sudo find / -name id_rsa.pub
but it only found one which I generated experimentally in my test directory. I tried sending the experimental one from the test directory, but then it keeps infinitely asking for the passphrase and does not send when I keep pasting.
So there is something wrong.
I could regenerate using
ssh-keygen -t rsa
but then it tries to use the ~/.ssh directory
and wants to overwrite the private id_rsa key. I am afraid this might break something.
So how do I get my public key file?
Just in case someone else comes here looking for an answer to the OP's question... and to directly answer that question (namely, how can you re-generate the .pub key in a situation where it is missing, and you only have the private key)...
Here is the answer:
Regenerating a .pub key from the private key
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
The -y option is the command instructing ssh-keygen to output your public key.
This will re-generate the .pub part of the pair. Just as the OP pointed out, if you simply generate a new pair, and replace the old private key, you will lose access to whatever servers you have already provided your public key to. Sure, you can go through the process of providing a new public key to those servers, but why go through that hassle if it can be easily avoided?
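A new-format OpenSSH private key file stores the public key blob unencrypted in its header, so the .pub line and its fingerprint can be read straight out of the private key file. The following Python parser is an added example, not code from the answer above; the function names are hypothetical and the sample key is constructed from fake key bytes.

```python
import base64
import hashlib
import struct

MAGIC = b"openssh-key-v1\x00"

def _read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length + bytes) at offset off."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key container")
    return buf[off + 4:end], end

def public_from_openssh_private(text):
    """Return (public_key_line, sha256_fingerprint, cipher_name)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[:1] != ["-----BEGIN OPENSSH PRIVATE KEY-----"]:
        raise ValueError("not a new-format OpenSSH private key")
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _read_string(raw, len(MAGIC))
    _kdf_name, off = _read_string(raw, off)
    _kdf_options, off = _read_string(raw, off)
    (nkeys,) = struct.unpack_from(">I", raw, off)
    if nkeys != 1:
        raise ValueError("expected exactly one key in the container")
    blob, _ = _read_string(raw, off + 4)       # public key blob, stored in the clear
    key_type, _ = _read_string(blob, 0)
    line = key_type.decode() + " " + base64.b64encode(blob).decode()
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return line, fingerprint, cipher.decode()

def _s(data):
    """Encode an SSH wire string; used only to build the constructed sample."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: fake ed25519 public bytes and a dummy private section.
SAMPLE_BLOB = _s(b"ssh-ed25519") + _s(bytes(range(32)))
_CONTAINER = (MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
              + _s(SAMPLE_BLOB) + _s(b"\x00" * 16))
SAMPLE_KEY = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
              + base64.encodebytes(_CONTAINER).decode()
              + "-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(public_from_openssh_private(SAMPLE_KEY))
```

A cipher name other than "none" means the private section is passphrase-protected; the public blob is still readable. Keys in the older PEM format (BEGIN RSA PRIVATE KEY) are rejected by this parser.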
RSA keys work in pairs. You can generate ssh private and public keys any number of times; it does not break anything. It simply replaces the old ones with newly generated keys. This only requires you to copy the newly generated public key id_rsa.pub to your remote machine's ~/.ssh/authorized_keys file in order for you to access the secure shell using RSA keys.
So generate new rsa keys on your home's .ssh directory (your old keys are replaced by new ones) and copy to the remote host's .ssh directory
cd /home/<your_username>/.ssh
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub remote_username@host:~/.ssh/authorized_keys
then
ssh remote_username@host
Keep passphrase empty while generating your new keys unless you want to enter passphrase every time you try to make a ssh connection.
NOTE: you need to append your public key to authorized_keys file in remote host's ~/.ssh directory if it already exists holding other client's public keys.
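The NOTE matters because copying id_rsa.pub over authorized_keys replaces every key already authorized for that account. The following Python function, meant to run on the host that holds authorized_keys, is an added example and not the answerer's code: it appends a key while keeping existing entries, skips duplicates, refuses private key text and sets owner-only permissions. The function name and the sample keys are constructed for illustration.

```python
import os
import tempfile

def install_public_key(pub_line, ssh_dir):
    """Append pub_line to ssh_dir/authorized_keys; return False if already present."""
    pub_line = pub_line.strip()
    fields = pub_line.split()
    if "\n" in pub_line or len(fields) < 2 or fields[0].startswith("-----"):
        raise ValueError("expected a one-line public key, not a private key file")
    wanted = fields[:2]                        # key type + base64 blob; comment ignored
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    for entry in existing.splitlines():
        parts = entry.split()
        if entry.lstrip().startswith("#"):
            continue
        # An entry may start with options, so look for the pair anywhere in it.
        if any(parts[i:i + 2] == wanted for i in range(len(parts) - 1)):
            return False
    sep = "" if existing == "" or existing.endswith("\n") else "\n"
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(sep + pub_line + "\n")
    os.chmod(ssh_dir, 0o700)                   # keep directory and file owner-only
    os.chmod(path, 0o600)
    return True

def demo():
    """Exercise the function in a throwaway directory with constructed keys."""
    with tempfile.TemporaryDirectory() as tmp:
        ssh_dir = os.path.join(tmp, ".ssh")
        path = os.path.join(ssh_dir, "authorized_keys")
        os.makedirs(ssh_dir)
        with open(path, "w") as fh:            # existing entry, no trailing newline
            fh.write("ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB other@client")
        added = install_public_key("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 me@laptop\n", ssh_dir)
        again = install_public_key("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 renamed", ssh_dir)
        with open(path) as fh:
            lines = fh.read().splitlines()
        return added, again, lines, os.stat(path).st_mode & 0o777
```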

AWS EC2: generating private key file out of cert-***.pem for SSH terminal access

I have my access key, secret key, and the downloaded cert pem file.
I understand SSH requires a private key file in order to establish a terminal SSH connection to my instance.
What I did find through Google is that I need to use puttygen to convert my cert pem file into a private key file:
http://www.techrepublic.com/blog/datacenter/connect-to-amazon-ec2-with-a-private-key-using-putty-and-pageant/5085
However, all the instructions I found are based on a GUI puttygen and I only have the CL version because I am running Linux Fedora 16 on my laptop. I did yum PuTTy, which came with a GUI, but puttygen only has a CL version. What I tried to do in puttygen is as follows:
>puttygen cert-***.pem -o default.pem
puttygen: error loading `cert-***.pem': file does not begin with OpenSSH key header
Can anybody point out what I am doing wrong and how I can use CL puttygen to convert my cert file to a private key file that is usable by SSH to connect to my instances?
thanks in advance
If you are running Linux at the command line, why are you needing to make a ppk with puttygen? Basically the keypair you get from AWS IS in pem format suitable for using in ssh command line.
So if you saved your .pem file from Amazon as /path/to/aws.pem, all you need to do is
ssh -i /path/to/aws.pem user@hostname.com
The ssh private key is completely different from the X.509 certificate and private key. It's a little confusing because folks often save the ssh private key generated by EC2 in a ".pem" file just like the cert and pk use.
You can't convert or use the X.509 certificate or private key for ssh as you tried to do.
You can generate an ssh private key (sometimes called a "keypair") through Amazon EC2 on the AWS console or through the AWS command line tools (ec2-add-keypair). If you are using Putty, you may still need to convert to PPK format as your referenced article describes, but you are converting the ssh key .pem file, not the X.509 private key or certificate.
If you know how to generate your own ssh key locally (or have already done so) then I recommend doing this and uploading the ssh public key to EC2.
When you run an EC2 instance, you then specify the ssh keypair name so that EC2 makes the ssh public key available to the instance, letting you securely ssh in to your new server.